Carmelo Romano, Author at Clever Solutions Ltd

Of Vulnerability, Complacency and the three pillars of Data Security

Posted on Jan 8, 2013 in Blog, Information Technology

The backbone of modern business is information. Investments are made in digital processes to serve clients more quickly. The availability of digital information strongly affects the efficiency with which processes are performed. Nowadays, it is normal for businesses to have different types of data stored either at the company’s data centre or in the cloud. A company may have a billing system, business records, CRM systems, emails, web servers, production systems, HR systems, ERP systems and much more, sharing a common set of servers. As a result, concerns arise about who should have access to different subsets of all this information.

The Three Pillars

One of the first issues to arise is confidentiality. It is not wise to have business records published for all to see. Indeed, data protection laws restrict what personal data is made publicly available. Confidentiality pulls in a different direction to availability. While confidentiality is about segregating information according to its sensitivity and restricting it accordingly, availability is concerned with making information accessible and available.

There is a third consideration that needs to be addressed, and this is integrity. What is the use of all the data if we are not sure that it is accurate and reliable? Integrity includes authenticity, non-repudiation and accountability, meaning that information has not changed in an unauthorized manner and that the origin of the data can be traced and associated with a particular user.

This triumvirate of forces forms a balance that allows information to flow to those who are allowed to see it, to be changed by those who are allowed to change it, and to be restricted from anyone else. The balance is never easy to find. There are always risks involved. The only secure system is a system that is switched off, disconnected and locked up. But that kind of system is not useful to anyone.

As a result, certain risks have to be taken in order to balance Availability, Integrity and Confidentiality. One particularly easy-to-understand risk is the possibility of hardware failure. When hardware fails, availability is affected. During the system design phase and at regular intervals thereafter, one has to weigh the cost of not having the information system available against the cost of having a fail-over system. In the majority of cases, losing information is catastrophic to the business concerned.

Another example is the risk that arises from the fact that systems are connected to networks and in many cases to the Internet. Operating systems and software applications are not perfect. Vulnerabilities are discovered during their lifetime and these are usually repaired through security updates. Vulnerabilities are like master keys to your system. They...


7 surprising reasons for open source software

Posted on Jul 16, 2012 in Information Technology | 2 comments

As a person who has been involved in the IT industry for over 30 years, I was quite surprised when I came across this blog article on open source software in the BPiM LinkedIn group. This post deals individually with the misconceptions on open source listed in the linked article.

First of all, it is important to be clear on what open source software is. In simple terms (and this is actually complex), the main points that define open source software are: free redistribution, the source code must be publicly available, and derived works must be distributed according to the original license. You can find the exact (page long) definition here. To sum it up briefly, there can be four cases:

– Proprietary software you pay for, example: Microsoft Office
– Proprietary software that is free: AVG
– Open source software you pay for: Red Hat Enterprise
– Open source software that is free: Firefox

This article deals with the software that falls in the last two categories.

Consultation: the article linked to above implies that choosing open source software leaves you on your own. This could not be further from the truth. There are many IT companies that support open-source software. For example, we at Clever Solutions Ltd help clients understand the benefits they may enjoy when they choose to use open-source software. Like us, there are many other companies worldwide that support open source software. Open source software generally offers an alternative business model, where users have little or no initial investment and only pay for continuous development and professional support. This support is sometimes advantageously available from multiple vendors, unlike with proprietary software, and thus reduces your business risk.

Integration: When you first build your custom software, it is impossible to cater for all possible future scenarios. When requirements change and additional functionality is required, it is often the case that shortcomings are discovered, requiring previous code to be modified. For open-source software with worldwide user take-up, many of these shortcomings would have already been taken care of. Thus, when further development is required, the probability of getting stuck due to inflexible code is more remote. It is important to remember that open-source does not mean free or unprofessional, and that many governments and millions of businesses rely on open-source software. That on its own says a lot.

Customisation: I have to reiterate that there are many companies who provide customisation for open source software. Although one may think that bespoke software caters for all your whims and needs, one has to consider two important factors: 1) how long will it take to develop the software and 2) how much will it cost? Open source software may not be a 100% fit...


A Short History of Persistent Data Storage Media

Posted on Mar 13, 2012 in Information Technology | 1 comment

Over the last 50 years, pressure from users who constantly require more storage for data has pushed research and development to produce higher density storage. In this article, we shall take a look at persistent data storage media, starting from the arrival of the famous Floppy Disk.

The floppy disk was not the first invention that was capable of storing data, but its size and availability gave personal computers a huge boost. The origin of the floppy disk can be traced to IBM when in 1967 a device for uploading microcode to their System/370 mainframe was required. The result was an 8″ Floppy Disk that had a storage capacity of 256KB. These drives were used in microcomputers of the early 1970s. A popular operating system of the time, the CP/M, was sold on 8″ disks.

By 1976, a 5.25″ version of the floppy disk was produced. The first model could save 90KB of data. Disks were very expensive. I remember purchasing 10 disks for Lm30 (€70) in 1982. It is no wonder that, at the time, many people used to cut another index hole and a read/write slot so that the disk could be used on both sides, doubling the storage to 180KB. Advances in drive production saw the storage capacity of the 5.25″ drive increase to 1.2MB. In 1983, a consortium of 23 media companies agreed on the 3.5″ diskette format. Apple used the new drive in their new Macintosh computers and consequently popularised the new media, which could save up to 1.44MB of data.

The next significant development for the personal computer was the hard disk. The first hard disks to appear on the market, in the early 80’s, had a capacity of 5MB. Over the years, the storage capacity of hard disks doubled every two to four years. From the 5MB drive of the early 80’s, the highest density drive available today is 4TB, an almost million-fold increase in capacity. Although the hard disk has found itself in practically all personal computers, it is now facing challenges from other technologies.

The Solid State Disk (SSD) has already found itself in a number of computers. With no moving parts, the SSD is much faster than a normal hard disk. Currently the cost per GB for an SSD is much higher than that for the HD, and perhaps this is what is keeping hard disks reigning in data storage for the time being.

One storage medium that existed even before the floppy was the tape drive. In fact, before the floppy drive became a standard peripheral in personal computers, a cassette recorder was the device used to store applications and data. However, the tape drives...


Why You Should Value Your Privacy

Posted on Feb 28, 2012 in Information Technology

The subject of privacy is so wide and complex that many just brush it aside, not giving it the importance that it is due. The first issue with privacy is its definition. Can privacy be defined? Intuitively one may say yes, yet the answer may be different. Robert Post in his paper The Three Concepts of Privacy states that “privacy is a value so complex, so entangled in competing and contradictory dimensions, so engorged with various distinct meanings, that I sometimes despair whether it can be usefully addressed at all”.

In today’s world the biggest issue on privacy is perhaps the Internet. What may be considered private by some individuals may well be considered public information by others. The fact that information is freely submitted to a third party in the process of obtaining a service may render that information non-private. For example, are the words you submit on a search engine considered private? The fact that the search is freely submitted may render the whole process non-private. In fact, certain search engines use the information to build a profile of each user, promising that this lets them optimize their advertising so that it is in line with the user’s interests and lifestyle. Is this an intrusion on privacy?

Another possible threat comes from the establishment. This comes in the form of legislation aimed at giving the government more power to access information about its citizens. It is frequently argued that those who have nothing to hide have nothing to fear. Although this statement may seem logical, the concept of privacy is in fact muddled by the idea that those who are hiding something are hiding a wrong. In reality, everyone has something to hide and that does not mean that something bad is being concealed. People hide their private life as an instinctive defense mechanism to protect who they are. For example, it is not normal for one to publish one’s own bank account statements, even if there is nothing wrong with them. People use curtains on windows and close doors to protect their privacy even if they are doing nothing wrong. What’s wrong with that?

Privacy is an important part of anybody’s make-up. It is part of what makes us unique. It allows us to do things that would otherwise be impossible, such as doing charitable work in secret. Those who profess that they have nothing to hide and are prepared to give up some of their privacy in the hope of paving the way to get criminals caught should think more deeply about their belief. As we progress, more and more surveillance is being implemented and taken as a norm. In...


Keep on guard with basic IT security measures

Posted on Nov 18, 2011 in Information Technology | 1 comment

The overflow of information bombarding us in this digital age is constantly wearing down our guard against security breaches. Many are only too happy to click on the “OK install the Trojan” button without contemplating what that means. How many emails does one receive supposedly from friends, claiming urgency and requesting the recipient to open an attachment? Once caught off guard, the consequences could be anything from losing a simple file to having the infected computer spying on the company and publishing confidential data.

Information security can never be taken lightly. There is a dark side to the internet, which is governed by hackers and data destroyers. The intention of the former is to steal data and sell it to those who care to buy and use it, whilst the latter are just happy to create havoc wherever they can penetrate. Therefore, it is essential that one keeps alert for signs of trickery whilst using the Internet. Below are some basic IT security measures that can help:

– If you are using your credit card online, make sure the site that you are connected to is a secure site. This can be confirmed by the protocol in use (https:// instead of the normal and unsecured http://).
– Do not provide more information than is really necessary. Example: let’s say you are going on holiday for a week and want to inform those who email you that you are going to be out of office. Just say that you will be out of office. If instead you say that you are on holiday till so and so date, you will be giving additional information that can be used against you. For one, you will be telling everyone that your home will most probably be empty till you return. Or perhaps you will be giving information to someone who wants an excuse to obtain something from your office, knowing well that you are not going to be there.
– Passwords should never be written down and left under the keyboard or near the monitor; it’s like leaving the front door key under the flower pot near the main door.
– If you are backing up your data, ensure that the backed-up data is also secure.
– If possible, do not allow sole control of your system to only one person, as this increases your dependence on that person.

The most important thing is to think before you act. Always consider what consequences may follow your actions and then act accordingly. What other basic IT security measures do you use?

Clever Solutions Ltd is a Malta based IT Consultancy. One of our services involves helping companies set up their IT systems. Our expertise, and experience serving various industries, helps...
